|
|
217aab7dcd
|
feat: registration and login with JWT auth
- users table: email, password_hash (bcrypt), role, is_active
- POST /auth/register — checks blocklist, hashes password, returns JWT
- POST /auth/login — verifies password, returns JWT
- Auth middleware: accepts env tokens (dev) OR valid JWTs
- end-user role → 403 Insufficient permissions on all /api/* routes
- JWT_SECRET + JWT_EXPIRES_IN env vars
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-05-21 13:04:17 +02:00 |
|
|
|
0f35459b86
|
feat: pictures table, Hetzner S3 upload/delete, auto-migration
- pictures table with UUID, status enum, timestamps, blurhash, design
- Auto-trigger updates updated_at on every row change
- POST /api/pictures/:id/upload → upload file to Hetzner snakkimo bucket
- DELETE /api/pictures/:id → removes DB row + Hetzner file
- PATCH /api/pictures/:id → auto-sets published/blocked timestamps
- Migration runs on every server start (idempotent)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
2026-05-20 13:39:16 +02:00 |
|